Security fixes are currently provided for the latest published release of react-candlesticks.
Because the package is in an early public phase, older prerelease or superseded versions may not receive backported fixes.
Please do not open public GitHub issues for suspected security vulnerabilities.
Instead, report them privately by email to:
info@trendingcandles.com
Please include:
- A clear description of the issue
- Affected package version(s)
- Reproduction steps or a proof of concept, if available
- Any known impact or exploitation considerations
You can expect an initial acknowledgement within 5 business days.
After triage, the goal is to confirm impact, prepare a fix, and coordinate a responsible disclosure when appropriate.